NVD Vulnerability Detail

CVE-2017-12635

Summary	Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
Publication Date	Nov. 15, 2017, 5:29 a.m.
Registration Date	Jan. 26, 2021, 1:14 p.m.
Last Update	Nov. 21, 2024, 12:09 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/101868	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/101868	Third Party Advisory VDB Entry
3	https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E
4	https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E
5	https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html
6	https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html
7	https://security.gentoo.org/glsa/201711-16	Third Party Advisory
8	https://security.gentoo.org/glsa/201711-16	Third Party Advisory
9	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us
10	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us
11	https://www.exploit-db.com/exploits/44498/
12	https://www.exploit-db.com/exploits/44498/
13	https://www.exploit-db.com/exploits/45019/
14	https://www.exploit-db.com/exploits/45019/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-269	不適切な権限管理	https://cwe.mitre.org/data/definitions/269.html

JVN Vulnerability Information

Apache CouchDB における認可・権限・アクセス制御に関する脆弱性

Title	Apache CouchDB における認可・権限・アクセス制御に関する脆弱性
Summary	Apache CouchDB には、認可・権限・アクセス制御に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 15, 2017, midnight
Registration Date	Dec. 12, 2017, 10:48 a.m.
Last Update	Dec. 12, 2017, 10:48 a.m.

Affected System

Apache Software Foundation

Apache CouchDB 1.7.0 未満

Apache CouchDB 2.1.1 未満の 2.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-12635	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12635
National Vulnerability Database (NVD)
2	CVE-2017-12635	https://nvd.nist.gov/vuln/detail/CVE-2017-12635

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Pony Mail
1	Apache CouchDB CVE-2017-12635 and CVE-2017-12636	https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E

Change Log

No	Changed Details	Date of change
0	[2017年12月12日] 掲載	Feb. 17, 2018, 10:37 a.m.